<?php

	include '/home/hosting_users/sl2000/www/include/sl2000.php';
	include $INCLUDE_HOME.'/db/db_connect.php';
	
	session_start();
?>
<?

// username and password sent from form 
$userId=$_POST['userid']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$userId = stripslashes($userId);
$password = stripslashes($password);
$userId = mysql_real_escape_string($userId);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM tb_members WHERE userid='$userId' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
	$row = mysql_fetch_object($result);
	//print_r($row)."|";

	$_SESSION['userId'] = $row->userId;
	$_SESSION['category'] = $row->category;
	$LOGIN_USERID = $_SESSION['userId'];
	echo "<meta http-equiv='refresh' content='0;url=login_form.php'>";
}
else {
	echo "<script>alert('Wrong Username or Password');</script>";
	echo "<meta http-equiv='refresh' content='0;url=login_form.php'>";
}

?>


